Corrected In

AST-2007-022: Buffer overflows in voicemail when using IMAP storage

    |----------------------------------+-------------+-----------------------|
    |    s800i (Asterisk Appliance)    |    1.0.x    | Unaffected            |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    |                              Corrected In                              |
    |------------------------------------------------------------------------|
    |                 Product                  |           Release           |
    |------------------------------------------+-----------------------------|
    |           Asterisk Open Source           |           1.4.13            |
    |------------------------------------------+-----------------------------|

ASA-2007-019: Remote crash vulnerability in Skinny channel driver

   +------------------------------------------------------------------------+
   | Resolution | Asterisk code has been modified to limit the incoming     |
   |            | capabilities count.                                       |
   |            |                                                           |
   |            | Users with configured Skinny devices should upgrade to    |
   |            | the appropriate version listed in the corrected in        |
   |            | section of this advisory.                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage

   |--------------------------------+-------------+-------------------------|
   |   s800i (Asterisk Appliance)   |    1.0.x    | Not Affected            |
   +------------------------------------------------------------------------+

+-----------------------------------------------------------------------------------+
|                                   Corrected In                                    |
|-----------------------------------------------------------------------------------|
|Product |                                 Release                                  |
|--------+--------------------------------------------------------------------------|
|Asterisk|             1.4.12 (not released), patch can be found here:              |
|  Open  |http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html|

AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application

    |-----------------+----------------+-------------------------------------|
    |     Zaptel      |     1.4.x      | All versions prior to 1.4.7         |
    +------------------------------------------------------------------------+

    +------------------------------------------------------------------------+
    |                              Corrected In                              |
    |------------------------------------------------------------------------|
    |          Product           |                  Release                  |
    |----------------------------+-------------------------------------------|
    |           Zaptel           |          1.2.22, when available           |
    |----------------------------+-------------------------------------------|

AST-2008-002: Two buffer overflows in RTP Codec Payload Handling

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.1.x  | All versions prior to 1.1.0.2   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |    1.4.18.1/1.4.19-rc3/1.6.0-beta6, available from     |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |

AST-2011-003:

   Asterisk Open Source              1.6.2.x         All versions             
   Asterisk Open Source              1.8.x           All versions             

    

   Corrected In                     
   Product                          Release                                   
   Asterisk Open Source             1.6.1.23, 1.6.2.17.1, 1.8.3.1


AST-2011-005: File Descriptor Resource Exhaustion

         Asterisk Open Source           1.6.1.x     All versions              
         Asterisk Open Source           1.6.2.x     All versions              
         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              

                                  Corrected In
              Product                               Release                   
        Asterisk Open Source        1.4.40.1, 1.6.1.25, 1.6.2.17.3, 1.8.3.3   
     Asterisk Business Edition                      C.3.6.4                   

                                    Patches                            

AST-2007-023 - SQL Injection Vulnerability in cdr_addon_mysql

   |   s800i (Asterisk    |    1.0.x    | Unaffected                        |
   |      Appliance)      |             |                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                Product                 |            Release            |
   |----------------------------------------+-------------------------------|
   |            Asterisk-Addons             |             1.2.8             |
   |----------------------------------------+-------------------------------|

AST-2012-005: Heap Buffer Overflow in Skinny Channel Driver

                Product              Release Series  
         Asterisk Open Source           1.6.2.x      All Versions             
         Asterisk Open Source            1.8.x       All Versions             
         Asterisk Open Source             10.x       All Versions             

                                  Corrected In
                Product                              Release                  
          Asterisk Open Source              1.6.2.24, 1.8.11.1, 10.3.1        

                                     Patches                          
                                SVN URL                               Revision 

AST-2008-006 - 3-way handshake in IAX2 incomplete

   |  s800i (Asterisk Appliance)   |   1.0.x    | All versions prior to     |
   |                               |            | 1.1.0.3                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.28          |
   |---------------------------------------------+--------------------------|

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

         Asterisk Open Source            1.6.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              

                                  Corrected In
              Product                               Release                   
        Asterisk Open Source        1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4   
     Asterisk Business Edition                      C.3.6.3                   

                                    Patches                            

AST-2010-002: Dialplan injection vulnerability

|--------------------------------------------------------------------------------------+------|
|http://svn.asterisk.org/svn/asterisk/branches/1.6.2/README-SERIOUSLY.bestpractices.txt|v1.6.2|
+---------------------------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Open Source Asterisk           |           1.2.40            |
   +------------------------------------------------------------------------+

AST-2011-001: Stack buffer overflow in SIP channel driver

         Asterisk Open Source            1.8.x      All versions              
       Asterisk Business Edition         C.x.x      All versions              
              AsteriskNOW                 1.5       All versions              
      s800i (Asterisk Appliance)         1.2.x      All versions              

                                  Corrected In
            Product                              Release                      
     Asterisk Open Source       1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,     
                                       1.6.2.16.1, 1.8.1.2, 1.8.2.1           
   Asterisk Business Edition                     C.3.6.2                      


AST-2009-006: IAX2 Call Number Resource Exhaustion

   |----------------------------------+----------------+--------------------|
   |    s800i (Asterisk Appliance)    |     1.3.x      | All versions       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.35          |
   |---------------------------------------------+--------------------------|

AST-2009-008: SIP responses expose valid usernames

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | All versions prior to 1.3.0.5   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.35          |
   |---------------------------------------------+--------------------------|

AST-2008-011: Traffic amplification in IAX2 firmware provisioning system

   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.2.0.1               |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.30          |
   |---------------------------------------------+--------------------------|

AST-2009-002: Remote Crash Vulnerability in SIP channel driver

   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.2.x  | Not affected                    |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                  |          Release           |
   |-------------------------------------------+----------------------------|
   |           Asterisk Open Source            |          1.4.23.2          |
   |-------------------------------------------+----------------------------|

AST-2011-004:

   Asterisk Open Source              1.6.2.x         All versions             
   Asterisk Open Source              1.8.x           All versions             

    

   Corrected In                     
   Product                          Release                                   
   Asterisk Open Source             1.6.1.23, 1.6.2.17.1, 1.8.3.1


AST-2007-025 - SQL Injection issue in res_config_pgsql

   |------------------------------+-------------+---------------------------|
   |  s800i (Asterisk Appliance)  |    1.0.x    | None                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.4.15            |
   |------------------------------------------+-----------------------------|

AST-2009-003: SIP responses expose valid usernames

   | s800i (Asterisk Appliance) |   1.3.x    | All versions prior to        |
   |                            |            | 1.3.0.2                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                   Product                   |         Release          |
   |---------------------------------------------+--------------------------|
   |            Asterisk Open Source             |          1.2.32          |
   |---------------------------------------------+--------------------------|

AST-2012-004: Asterisk Manager User Unauthorized Shell Access

          Asterisk Open Source            1.6.2.x      All versions           
          Asterisk Open Source             1.8.x       All versions           
          Asterisk Open Source              10.x       All versions           
        Asterisk Business Edition          C.3.x       All versions           

                                  Corrected In
                  Product                              Release                
           Asterisk Open Source              1.6.2.24, 1.8.11.1, 10.3.1       
         Asterisk Business Edition                     C.3.7.4                

                                     Patches                          

AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver

   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.0.3                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |                 1.4.11, available from                 |
   |    Source     |   http://downloads.digium.com/pub/telephony/asterisk   |

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.